New Crysis/Dharma Ransomware variant will append the.cobra extension to encrypted files. It is not known exactly how this variant is being distributed, but in the past Crysis was typically spread by hacking into Remote Desktop Services and manually installing the ransomware. This new variant will encrypt mapped network drives and unmapped network shares. It will also create two ransom notes on the infected the computer. The only way to recover encrypted files is via a backup, or if you are incredibly lucky, through a backup.
Source: https://www.bleepingcomputer.com/news/security/new-cobra-crysis-ransomware-variant-released/